That’s the case when it comes to bring-your-own-device (BYOD) in the workplace. IT departments correctly recognize that installing and using any old app or software package can be a major security risk when it comes to corporate secrets. No corporate IT manager should be blamed for wanting a proper software review before installing software, and of rejecting apps and cloud services that present too great a risk to corporate data (we’re looking at you, Dropbox (News - Alert)).

At the same time, however, the absolute best security practices are now counterproductive given the rise of BYOD. If IT is inflexible and overly slow in software adoption and support, workers now will just go around the IT department. The result of this subversion of corporate IT policy is no safer than a slightly less perfect security solution actually administered by the IT department.

By being the department of “No,” corporate IT departments are just taking themselves out of the conversation. Saying no to user needs no longer ensures a safe IT environment, and in fact it does the opposite.

The extent to which IT departments are being left out of the conversation isn’t even obvious to most on the job. The average enterprise has 461 cloud apps up and running, according to Netskope VP of marketing, Jamie Barnett, which is almost 10 times more than what IT tends to estimate.

Half of all workers use some unapproved file sharing solution to perform their job, added Sanjay Castelino, VP of marketing at Spiceworks (News - Alert).

Part of the problem is that most workers don’t even see this as clandestine software use; among workers, you’re more likely to hear that they actually think they should be applauded for such BYOD initiative. After all, they’re just finding a way to stay productive when corporate isn’t giving them the tools they need.

Like many areas of business since the Internet revolution, enterprise IT is undergoing a seismic shift. The IT department needs to start realizing that BYOD and the cloud are here to stay, and that means command and control methods of software security enforcement no longer work.

Better to bend than to break, and that means reimagining the methods of the IT department. Instead of being the department of “No,” IT departments need to embrace a more flexible, partnership-based approach as epitomized by mobile device management solutions. Mobile Iron and other MDM solution providers give IT a measure of control, limiting the damage that worker-deployed apps and cloud solutions can do on corporate security. Crucially, though, they don’t try to stop BYOD use entirely.

BYOD is shadow innovation within companies, unauthorized adaption that is sometimes quick and dirty but often gets the job done as well if not better than corporate-authorized solutions.